<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: product_reviews_write.php 202 2013-09-22 07:58:59Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 202 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:58:59 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

include ('includes/application_top.php');

// Template engine instance used for the rest of this page.
$smarty = new Smarty();

// Set before boxes.php is loaded and not read again in this file.
// NOTE(review): presumably tells the included code which captcha variant
// ("security_code_reviews") to use - confirm against boxes.php.
$captcha_site = '_reviews';

require (DIR_FS_CATALOG.'templates/'.CURRENT_TEMPLATE.'/source/boxes.php');

// Authorisation gate: customer groups without the "write reviews" right are
// sent to the login page. An unset flag compares equal to 0, so the check
// fails closed.
// NOTE(review): the gate only protects the code below if redirect() ends the
// request - confirm it terminates the script.
if ($_SESSION['customers_status']['customers_status_write_reviews'] == 0) {
    redirect(href_link(FILENAME_LOGIN, '', 'SSL'));
}

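// Handle the submitted review form (?action=process).
// NOTE(review): no anti-CSRF token is checked in this handler; the captcha
// code is the only per-request secret visible here.
if (isset($_GET['action']) && $_GET['action'] == 'process') {
	// Only write a review when the request resolved to a real product.
	if (is_object($product) && $product->isProduct()) {
		$url = href_link(FILENAME_PRODUCT_INFO,'products_id='.$product->data['products_id']);

		// Normalise the request fields once. Anything that is not a plain
		// scalar (missing field, array injected via "field[]=") becomes empty.
		$posted_code = (isset($_POST['security_code_reviews']) && is_string($_POST['security_code_reviews'])) ? $_POST['security_code_reviews'] : '';
		$expected_code = isset($_SESSION['security_code_reviews']) ? (string) $_SESSION['security_code_reviews'] : '';
		$review_text = (isset($_POST['review']) && is_string($_POST['review'])) ? $_POST['review'] : '';

		// Strict string comparison: the loose "!=" treated numeric-looking
		// codes such as "007" and "7" as equal.
		// NOTE(review): when the session holds no code at all, an empty
		// submission still passes, exactly as before. Confirm that this is
		// only reachable when the captcha is switched off.
		if ($posted_code !== $expected_code) {
			$_SESSION['error_msg'] = TEXT_WRONG_CODE;
			// Keep the text so the visitor does not lose it after the redirect.
			$_SESSION['tmp_review'] = $review_text;
			redirect($url.'#reviews');

		} else {
			// Every numeric value that goes into SQL is forced to an integer.
			$products_id = (int) $product->data['products_id'];
			$customers_id = isset($_SESSION['customer_id']) ? (int) $_SESSION['customer_id'] : 0;
			$languages_id = isset($_SESSION['languages_id']) ? (int) $_SESSION['languages_id'] : 0;

			// The form offers 1-5; 0 is kept for "no rating chosen".
			$rating = (isset($_POST['rating']) && is_scalar($_POST['rating'])) ? (int) $_POST['rating'] : 0;
			$rating = max(0, min(5, $rating));

			$customer = $db->db_query("SELECT customers_firstname, customers_lastname FROM ".TABLE_CUSTOMERS." WHERE customers_id = '".$customers_id."'");
			$date_now = date('Ymd'); // not used anywhere else in this file

			$lastname = $customer->fields['customers_lastname'];
			if ($lastname == '')
				$lastname = TEXT_GUEST;
			$customers_name = $customer->fields['customers_firstname'].' '.$lastname;

			// The name comes back from the database unescaped, so a quote in
			// it (O'Brien) broke the statement or changed its meaning
			// (second-order SQL injection). The review text is attacker
			// controlled. Both are escaped before concatenation.
			// NOTE(review): addslashes() is a stopgap that ignores the
			// connection charset; switch to the database layer's own escaping
			// or bound parameters if $db offers them. It also assumes
			// application_top.php does not already escape request data - if it
			// does, drop the call on $review_text to avoid doubled
			// backslashes. Escaping twice is the safer failure mode.
			$db->db_query("INSERT INTO ".TABLE_REVIEWS." 
								(products_id, 
								customers_id, 
								customers_name, 
								reviews_rating, 
								date_added) 
							VALUES 
								('".$products_id."', 
								'".$customers_id."', 
								'".addslashes($customers_name)."', 
								'".$rating."', now())");

			$insert_id = (int) $db->db_insert_id();

			// NOTE(review): the text is stored as submitted; whatever page
			// displays reviews must HTML-escape it (not visible here).
			$db->db_query("INSERT INTO ".TABLE_REVIEWS_DESCRIPTION." 
								(reviews_id, 
								languages_id, 
								reviews_text) 
							VALUES 
								('".$insert_id."', 
								'".$languages_id."', 
								'".addslashes($review_text)."')");
			unset($_SESSION['tmp_review']);
			$_SESSION['success_msg'] = TEXT_REVIEW_SUCCESS_MSG;	
			redirect($url.'#reviews');
		}
	}
}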

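// Query string of the current request, once complete and once without
// "reviews_id". The last character is cut off each time.
// NOTE(review): presumably a trailing "&" added by get_all_get_params() - confirm.
$get_params = substr(get_all_get_params(), 0, -1);
$get_params_back = get_all_get_params(array ('reviews_id'));
if (not_null($get_params_back)) {
	$get_params_back = substr($get_params_back, 0, -1);
} else {
	$get_params_back = $get_params;
}

$breadcrumb->add(NAVBAR_TITLE_REVIEWS_WRITE, href_link(FILENAME_PRODUCT_REVIEWS, $get_params));

// Name of the logged-in customer, shown as review author further down.
// The id is cast to int before it is placed in the statement, matching the
// lookup in the "process" branch; a missing id becomes 0.
$name_customer_id = isset($_SESSION['customer_id']) ? (int) $_SESSION['customer_id'] : 0;
$name_query = $db->db_query("SELECT 
								customers_firstname, 
								customers_lastname 
							FROM 
								".TABLE_CUSTOMERS." 
							WHERE 
								customers_id = '".$name_customer_id."'");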

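require (DIR_WS_INCLUDES.'header.php');

// The "process" branch above guards with is_object() before calling
// isProduct(); the same guard is needed here, otherwise a request without a
// resolvable product ends in a fatal error instead of the error message.
if (!is_object($product) || !$product->isProduct()) {
	$smarty->assign('error', ERROR_INVALID_PRODUCT);
} else {
	// Author shown above the form: stored customer name or the guest label.
	if ($name_query->fields['customers_firstname'] == '') {
		$name = TEXT_GUEST;
	} else {
		$name = $name_query->fields['customers_firstname'].' '.$name_query->fields['customers_lastname'];
	}

	// One radio button per star value 1-5, separated by a single space.
	$rating_fields = array();
	for ($stars = 1; $stars <= 5; $stars++) {
		$rating_fields[] = draw_radio_field('rating', (string) $stars, '', 'class="star"');
	}

	// NOTE(review): $name and products_name go to the template as they are,
	// and $get_params (taken from the request URL) goes into a hidden field.
	// Confirm that the template and draw_hidden_field() HTML-escape them.
	$smarty->assign('AUTHOR', $name);
	$smarty->assign('PRODUCTS_NAME', $product->data['products_name']);
	$smarty->assign('INPUT_TEXT', draw_textarea_field('review', 'soft', 60, 8, '', 'style="width:98.5%"', false));
	$smarty->assign('INPUT_RATING', implode(' ', $rating_fields));
	$smarty->assign('FORM_ACTION', draw_form('product_reviews_write_new', href_link(FILENAME_PRODUCT_REVIEWS_WRITE, 'action=process&'.product_link($product->data['products_id'],$product->data['products_name'])), 'post', 'onSubmit="return checkForm();"'));
	$smarty->assign('BUTTON_BACK', '<a href="javascript:history.back(1)">'.image_button('button_back.gif', IMAGE_BUTTON_BACK).'</a>');
	$smarty->assign('BUTTON_SUBMIT', image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE).draw_hidden_field('get_params', $get_params));

	$smarty->assign('FORM_END', '</form>');
	// The text saved after a failed captcha is dropped once the form is built.
	unset($_SESSION['tmp_review']);
}
$smarty->assign('language', $_SESSION['language']);

// Render the module template first, then place it into the page frame.
$smarty->caching = false;
$main_content = $smarty->fetch(CURRENT_TEMPLATE.'/module/product_reviews_write.html');
$smarty->assign('main_content', $main_content);
$smarty->caching = false;
if (!defined('RM')) {
	$smarty->loadFilter('output', 'note');
}
$smarty->loadFilter('output','trimwhitespace');
$smarty->display(CURRENT_TEMPLATE.'/index.html');
include ('includes/application_bottom.php');
?>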